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METHOD OF LIMITING COMMUNICATION ACCESS BETWEEN 
WIRELESS LAN TERMINALS 

BACKGROUND OF THE INVENTION 
5 1. Field of the Invention: 

The present invention relates to a method of limiting communication 
access between wireless LAN terminals. 
2. Description of the Related Art: 

Some conventional inter-LAN repeaters for use in wireless LAN 
10 access point installations for regenerating signals between wired LANs and 
wireless LANs are capable of dispensing with unwanted repeating 
operation for unstudied stations in the wireless LANs thereby to greatly 
reduce the load on transmission paths in the wireless LANs which have a 
low transmission rate (see, for example, Patent Document 1 below). 
15 There is known a wireless LAN system in which an access point as a 

control terminal device receives a frame destined outside a cell and makes 
a response representative of a reception success or a reception failure for 
efficient communications with a wireless terminal device in another cell or a 
wired terminal device connected tp a wired transmission path (see, for 
20 example, Patent Document 2 below). 

According to another known wireless LAN system, a control device 
stores connection permitting conditions for mobile stations (wireless LAN 
terminals) in respective access points, determines whether a connection 
request from a mobile station matches any of the stored connection 
25 permitting conditions, and allows the mobile station to be connected only if 
the connection request matches a stored connection permitting condition 
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(see, for example, Patent Document 3 below). 

FIG. 1 of the accompanying drawings shows a sequence of 
operation of a conventional wireless LAN that is made up of only existing 
devices. Address information allocated to terminals in the conventional 
5 wireless LAN shown in FIG. 1 is as follows: 
Wireless LAN terminal 1 : 

IP address = 192.168.1.1 
Subnet mask = 255.255.255.0 
Subnet = 192.168.1 
1 0 Default gateway = 1 92. 1 68. 1 .254 (= access limiter); 

Wireless LAN terminal 2: 

IP address = 192.168.1.2 
Subnet mask = 255.255.255.0 
Subnet = 192.168.1 
15 Default gateway = 192.168.1 .254 (= access limiter); 

Wired terminal: 

IP address = 192.168.0.1 
Subnet mask = 255.255.255.0 
Subnet = 192.168.0 
20 Default gateway = 192.168.1.254 (= access limiter). 

In FIG. 1 , the wireless LAN terminals have identical subnets. In 
reply to an ARP request that flows from wireless LAN terminal 1 (604) to 
wireless LAN terminal 2 (605) prior to packet transmission, wireless LAN 
terminal 2 (605) directly returns a response. Therefore, data are returned 
25 from a wireless LAN access point, and communications are made without 
through access limiter 602. 
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According to conventional communications between wireless LAN 
terminals, because 

(1) identical subnets are allocated to wireless LAN terminals, and 

(2) packets designed for the identical subnets are sent not through a 
5 default gateway, 

data flow from wireless LAN terminal 1 to the access point to wireless LAN 
terminal 2, and hence an access limiting function cannot be provided 
unless the access point is modified. 

Patent Document 1 : Japanese laid-open patent publication No. 8- 
10 274804; 

Patent Document 2: Japanese laid-open patent publication No. 10- 
164073; and 

Patent Document 3: Japanese laid-open patent publication No. 11- 
55286. 

15 The above conventional systems suffer from a problem as to how 

communications between wireless LAN terminals are to be seized with 
respect to band limitation and charging for pay services such as hot spots 
or the like. 

Pay services such as hot spots or the like, which should be provided 
20 inexpensively unlike cellular phone services, do not have a lot of money to 
spend for constructing a network of their own. It is considered customary 
for those services to employ wireless LAN access points that can be 
purchased ordinarily, e.g., access points that are commercially available 
for about 30,000 yen, rather than customized access points. If hot spot 
25 services are to begin at locations where such inexpensive access points 
have already been installed (they cannot easily be removed as they are 
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generally incorporated in buildings), it is the normal practice to use the 
existing equipment. However, since an inexpensive access point is not 
expected to be used by hot spot services, data sent from a wireless LAN 
terminal to another wireless LAN terminal are returned from the access 
5 point. 

When communications such as ftp communications are performed 
between wireless LAN terminals that are not designed for use with hot spot 
services, the entire wireless band is consumed, causing trouble to the hot 
spot services. Basically, hot spot services need to limit communications 

10 between wireless LAN terminals. 

Attention is being paid to hot spot services using wireless LANs. If 
an existing wireless LAN access point is employed, then since the access 
point returns data, data communications started between wireless 
terminals tend to occupy 100 % of the wireless band in an area which 

15 cannot be controlled by the service provider, resulting in the danger of a 
failure to provide the services. 

Consequently, it is necessary to solve the problem as to what should 
be done to prevent packets transmitted between wireless LAN terminals 
from being returned from an access point. 

20 SUMMARY OF THE INVENTION 

It is an object of the present invention to provide a method of limiting 
communication access between wireless LAN terminals to achieve 
inhibition/permission of communications and priority control over 
communications without modifying existing commercially available wireless 

25 LAN access points that are not designed for sophisticated settings such as 
for priority control or the like. 
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According to the present invention, there is provided a method of 
limiting communication access between wireless LAN terminals of a 
wireless LAN, comprising the steps of allocating different subnetwork 
addresses to respective wireless LAN terminals, setting default gateways 
5 of the respective wireless LAN terminals as a single access limiter, and 
returning a communication packet between the wireless LAN terminals, 
which would otherwise be returned from a wireless LAN access point, from 
the access limiter which is set as the default gateways rather than a 
wireless LAN access point, for thereby providing an access limiting 

10 function to limit communication access between the wireless LAN terminals 
without modifying the existing wireless LAN access point. 

The access limiter has two LAN interfaces connected respectively to 
a wired terminal and the wireless LAN access point, the wireless LAN 
terminals being connected to the wireless LAN access point, the access 

15 limiter having an access limiting function for passing or dropping a received 
packet to thereby inhibit or permit communications between the terminals, 
a band limiting function for buffering a received packet to process audio 
packets with priority over other packets, a routing function for distributing 
packets selectively to the wired terminal and the wireless LAN access point 

20 depending on the destination of the packets, a DHCP server for allocating 
IP addresses having different subnets for the respective terminals in 
response to DHCP requests from the wired LAN terminals, and an ARP 
server installed in an existing IP protocol stack. 

When a first one of the wireless LAN terminals is turned on, the first 

25 wireless LAN terminal sends a DHCP request to the wireless LAN access 
point for automatically resolving its own IP address. The wireless LAN 
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access point, which operates as a bridge between a wireless LAN and a 
wired LAN, transfers the received DHCP request to the access limiter. The 
access limiter, which has a DHCP server function, returns a DHCP 
response to the DHCP request to the wireless LAN access point. The 
5 wireless LAN access point, which has received the DHCP response, 
converts the DHCP response from wired data to wireless data, sends the 
DHCP response to the first wireless LAN terminal to allow the first wireless 
LAN terminal to make IP communications according to IP address 
information allocated from the DHCP server. When a second one of the 

10 wireless LAN terminals is turned on, the second wireless LAN terminal 
sends a DHCP request to the wireless LAN access point for automatically 
resolving its own IP address. The wireless LAN access point, which 
operates as the simple bridge between a wireless LAN and a wired LAN, 
transfers the received DHCP request to the access limiter. The access 

15 limiter, which has the DHCP server function, returns a DHCP response to 
the DHCP request to the wireless LAN access point. The wireless LAN 
access point, which has received the DHCP response, converts the DHCP 
response from wired data to wireless data, sends the DHCP response to 
the second wireless LAN terminal to allow the second wireless LAN 

20 terminal to make IP communications according to IP address information 
allocated from the DHCP server. The first wireless LAN terminal sends a 
packet destined for the second wireless LAN terminal to the access limiter. 
The access limiter transfers the received packet, which is destined for the 
second wireless LAN terminal, to the second wireless LAN terminal. 

25 Alternatively, when the first wireless LAN terminal is turned on, the 

first wireless LAN terminal sends a DHCP request to the wireless LAN 
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access point for automatically resolving its own IP address. Since the 
DHCP request is a broadcast packet, the wireless LAN access point 
transfers the DHCP request to the access limiter on a wired LAN, and 
broadcasts the DHCP request to the second wireless LAN terminal. The 
5 access limiter, which has received the DHCP request, sets its own IP 
address to a predetermined value, and sends IP address information as a 
response to the first wireless LAN terminal. The second wireless LAN 
terminal, which has received the DHCP request, drops the received packet 
as the DHCP server is not activated. When the second wireless LAN 

10 terminal is turned on, the second wireless LAN terminal sends a DHCP 
request to the wireless LAN access point for automatically resolving its 
own IP address. Since the DHCP request is a broadcast packet, the 
wireless LAN access point transfers the DHCP request to the access 
limiter on the wired LAN, and broadcasts the DHCP request to the first 

15 wireless LAN terminal. The access limiter, which has received the DHCP 
request, sets its own IP address to a predetermined value, and sends IP 
address information as a response to the second wireless LAN terminal. 
The first wireless LAN terminal, which has received the DHCP request, 
drops the received packet as the DHCP server is not activated. When a 

20 packet is to be sent from the first wireless LAN terminal to the second 

wireless LAN terminal, since a subnet of the first wireless LAN terminal is 
different from a subnet of the second wireless LAN terminal, before the first 
wireless LAN terminal sends the packet to the access limiter set as the 
default gateways, the first wireless LAN terminal sends an ARP request to 

25 resolve a MAC address of the default gateways. The wireless LAN access 
point, which has received the ARP request, transfers the ARP request to 
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the access limiter on the wired LAN and the second wireless LAN terminal. 
The access limiter which has the same address returns a response to the 
ARP request, and the second wireless LAN terminal which has a different 
address drops the packet. Since the first wireless LAN terminal has had 
5 the MAC address resolved by the ARP request, the first wireless LAN 
terminal sends a packet destined for the second wireless LAN terminal to 
the access limiter. If the access limiter is to permit communications 
between the wireless LAN terminals, the access limiter returns the received 
packet and sends the received packet to the second wireless LAN terminal. 

10 Further alternatively, when the first wireless LAN terminal is turned 

on, the first wireless LAN terminal sends a DHCP request to the wireless 
LAN access point for automatically resolving its own IP address. Since the 
DHCP request is a broadcast packet, the wireless LAN access point 
transfers the DHCP request to the access limiter on a wired LAN, and 

15 broadcasts the DHCP request to the second wireless LAN terminal. The 
access limiter, which has received the DHCP request, sets its own IP 
address to a predetermined value, and sends IP address information as a 
response to the first wireless LAN terminal. The second wireless LAN 
terminal, which has received the DHCP request, drops the received packet 

20 as the DHCP server is not activated. When the second wireless LAN 
terminal is turned on, the second wireless LAN terminal sends a DHCP 
request to the wireless LAN access point for automatically resolving its 
own IP address. Since the DHCP request is a broadcast packet, the 
wireless LAN access point transfers the DHCP request to the access 

25 limiter on the wired LAN, and broadcasts the DHCP request to the first 
wireless LAN terminal. The access limiter, which has received the DHCP 
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request, sets its own IP address to a predetermined value, and sends IP 
address information as a response to the second wireless LAN terminal. 
The first wireless LAN terminal, which has received the DHCP request, 
drops the received packet as the DHCP server is not activated. When a 
5 packet is to be sent from the first wireless LAN terminal to the second 
wireless LAN terminal, since a subnet of the first wireless LAN terminal is 
different from a subnet of the second wireless LAN terminal, before the first 
wireless LAN terminal sends the packet to the access limiter set as the 
default gateways, the first wireless LAN terminal sends an ARP request to 

10 resolve a MAC address of the default gateways. The wireless LAN access 
point, which has received the ARP request, transfers the ARP request to 
the access limiter on the wired LAN and the second wireless LAN terminal. 
The access limiter which has the same address returns a response to the 
ARP request, and the second wireless LAN terminal which has a different 

15 address drops the packet. Since the first wireless LAN terminal has had 
the MAC address resolved by the ARP request, the first wireless LAN 
terminal sends a packet destined for the second wireless LAN terminal to 
the access limiter. If the access limiter is to inhibit communications 
between the wireless LAN terminals, the access limiter drops the received 

20 packet. 

Further alternatively, when the first wireless LAN terminal is turned 
on, the first wireless LAN terminal sends a DHCP request to the wireless 
LAN access point for automatically resolving its own IP address. Since the 
DHCP request is a broadcast packet, the wireless LAN access point 
25 transfers the DHCP request to the access limiter on a wired LAN, and 
broadcasts the DHCP request to the second wireless LAN terminal. The 
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access limiter, which has received the DHCP request, sets its own IP 
address to a predetermined value, and sends IP address information as a 
response to the first wireless LAN terminal. The second wireless LAN 
terminal, which has received the DHCP request, drops the received packet 
5 as the DHCP server is not activated. When the second wireless LAN 
terminal is turned on, the second wireless LAN terminal sends a DHCP 
request to the wireless LAN access point for automatically resolving its 
own IP address. Since the DHCP request is a broadcast packet, the 
wireless LAN access point transfers the DHCP request to the access 

10 limiter on the wired LAN, and broadcasts the DHCP request to the first 
wireless LAN terminal. The access limiter, which has received the DHCP 
request, sets its own IP address to a predetermined value, and sends IP 
address information as a response to the second wireless LAN terminal. 
The first wireless LAN terminal, which has received the DHCP request, 

15 drops the received packet as the DHCP server is not activated. When a 
packet is to be sent from the first wireless LAN terminal to the second 
wireless LAN terminal, since a subnet of the first wireless LAN terminal is 
different from a subnet of the second wireless LAN terminal, before the first 
wireless LAN terminal sends the packet to the access limiter set as the 

20 default gateways, the first wireless LAN terminal sends an ARP request to 
resolve a MAC address of the default gateways. The wireless LAN access 
point, which has received the ARP request, transfers the ARP request to 
the access limiter on the wired LAN and the second wireless LAN terminal. 
The access limiter which has the same address returns a response to the 

25 ARP request, and the second wireless LAN terminal which has a different 
address drops the packet. Since the first wireless LAN terminal has had 
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the MAC address resolved by the ARP request, the first wireless LAN 
terminal sends a packet destined for the second wireless LAN terminal to 
the access limiter. If the access limiter is to buffer communications 
between the wireless LAN terminals, the access limiter performs priority 
5 control of the received packet depending on the property thereof. 

According to the present invention, in order to change a flow of 
packets from a wireless LAN via an access point to a wireless LAN to a 
flow of packets from a wireless LAN via an access point and a returning 
device to a wireless LAN, different subnets are allocated to respective 

10 wireless LAN terminals, and the returning device is set as a default 

gateway. With this arrangement, packets originating from a wireless LAN 
terminal and destined for another wireless LAN terminal can be fetched 
from the default gateway that is connected to a wired LAN. It is possible to 
control communications between wired LAN terminals by returning packets 

15 from the default gateway (= access limiter) and introducing a band limiting 
function and a blocking function. 
Since a DHCP server: 

(A) allocates different subnets to respective wireless LAN terminals, 

and 

20 (B) incorporates an access limiting function and a band limiting 

function, 

it is possible to achieve inhibition/permission of communications and 
priority control over communications for requests from wired LAN terminals 
without modifying existing commercially available wireless LAN access 
25 points that are not designed for sophisticated settings such as for priority 
control or the like. 
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With this arrangement, priority control over packets can be realized 
by an additional device to be added to many existing inexpensive wireless 
LAN access points that are in widespread use. 

The method according to the present invention is expected to 
5 achieve priority control over audio packets in a network which handle a 
mixture of audio packets and data packets. 

The above and other objects, features, and advantages of the 
present invention will become apparent from the following description with 

> 

reference to the accompanying drawings which illustrate an example of the 
10 present invention. 

BRIEF DESCRIPTION OF THE DRAWINGS 
FIG. 1 is a diagram showing a sequence of operation of a 
conventional wireless LAN; 
15 FIG. 2 is a diagram showing a sequence of operation of a wireless 

LAN according to the present invention; 

FIG. 3 is a block diagram of the wireless LAN according to the 
present invention; 

FIG. 4 is a diagram showing a sequence of operation (simple return) 
20 of the wireless LAN according to the present invention; 

FIG. 5 is a diagram showing a sequence of operation (packet drop) 
of the wireless LAN according to the present invention; 

FIG. 6 is a diagram showing a sequence of operation for 
communications between a wireless LAN terminal and a wireless LAN 
25 terminal; and 

FIG. 7 is a block diagram of the functions of an access limiter 



according to the present invention. 

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT 
FIG. 2 shows a sequence of operation of a wireless LAN according 
5 to the present invention. 

As shown in FIG. 2, the wireless LAN has access limiter 101 which 
is a device for achieving features of the present invention. Access limiter 
101 has a routing function for returning packets sent between wireless LAN 
terminals, an access limiting function, and a DHCP (Dynamic Host 
10 Configuration Protocol) server function which is an automatic address 
resolution function for IP addresses. Wireless LAN access point 102 
operates to bridge between a wireless LAN and a wired LAN. Wireless 
LAN terminals 103, 104 communicate with wireless LAN access point 102. 
When wireless LAN terminal 1 (103) is turned on, it sends a DHCP 
15 request for automatically resolving its own IP address to wireless LAN 
access point 102. Since wireless LAN access point 102 operates as a 
simple wired/ 

wireless terminal bridge, it transfers the received DHCP request to access 
limiter 101. Access limiter 101 with the DHCP server function returns a 
20 DHCP response to the DHCP request to wireless LAN access point 102. 
IP address information allotted to wireless LAN terminal 1 (103) is as 
follows: 

IP address = IP1 (e.g., 192.168.1.1) 
Subnet mask = subl (e.g., 255.255.255.0) 
25 Default gateway = access limiter 101 (e.g., 192.168.1 .254). 

Having received the DHCP response, wireless LAN access point 102 
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converts the DHCP response from wired data to wireless data, and sends 
the DHCP response to wireless LAN terminal 1 (103). 

Wireless LAN terminal 1 (103) is now capable of performing IP 
communications according to the IP address information (IP address, 
5 subnet, and default gateway) allocated from the DCHP server. 

Similarly, wireless LAN terminal 2 (104) acquires the following IP 
address information: 

IP address = IP2 (e.g., 192.168.2.1) 
Subnet mask = sub2 (e.g., 255.255.255.0) 
10 Default gateway = access limiter 101 (e.g., 192.168.1.254). 

Though access limiter 101 is a single device, it has a plurality of IP 
addresses (two addresses in this example). 

According to the present invention, different subnets are allocated to 
respective wireless LAN terminals 1 (103), 2 (104). 
15 It is assumed that when the setting of the above IP addresses is 

completed, a packet is to be sent from wireless LAN terminal 1 (103) to 
wireless LAN terminal 2 (104). Since different subnets are allocated to 
respective wireless LAN terminals 1 (103), 2 (104), wireless LAN terminals 
1 (103), 2 (104) are unable to communicate directly with each other. 
20 Wireless LAN terminal 1 (1 03) sends a packet destined for wireless LAN 
terminal 2 (104) to the default gateway (= access limiter). 

Since the packet received by access limiter 101 is destined for 
wireless LAN terminal 2 (104), access limiter 101 transfers the packet to 
wireless LAN terminal 2 (104). At this time, access limiter 101 performs its 
25 various functions to inhibit or permit the transfer of the packet or buffers 
the packet to give priority to other packets for thereby achieving access 
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limitation. 

According to the present invention, since 
(A) different subnets are allocated to respective wireless LAN 
terminals, and 
5 (B) the terminals have identical gateways, 

a packet sent between wireless LAN terminals which would otherwise be 
returned from a wireless LAN access point is returned from an access 
limiter that is designated as a default gateway, so that inhibition/permission 
of packet transfer and priority control over packet transfer can be achieved 
10 without modifying an existing network or an existing devices. (If the access 
point may be modified, then it is not necessary to apply the present 
invention to the access point. If the access point has a return limiting 
function and a priority control function, then it is possible to apply the 
present invention to the access point without any problem.) 
15 FIG. 3 shows in block form the wireless LAN according to the 

present invention. 

As shown in FIG. 3, wired terminal 201 which is connected to a 
wired LAN is connected to access limiter 202 according to the present 
invention. Wireless LAN access point 203 is connected to access limiter 
20 202. Wireless LAN terminals 204, 205 are connected through wireless 
links to wireless LAN access point 203. 

FIG. 4 shows a sequence of operation of the wireless LAN according 
to the present invention. For illustrative purposes, address information is 
allocated to terminals as follows: 
25 Wireless LAN terminal 1 : 

IP address = 192.168.1.1 
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Subnet mask = 255.255.255.0 
Subnet = 192.168.1 

Default gateway = 192.168.1.254 (= access limiter); 
Wireless LAN terminal 2: 
5 IP address = 192.168.2.1 

Subnet mask = 255.255.255.0 
Subnet = 192.168.2 

Default gateway = 192.168.2.254 (= access limiter); 
Wired terminal: 
10 IP address = 192.168.0.1 

Subnet mask = 255.255.255.0 
Subnet = 192.168.0 

Default gateway = 192.168.0.254 (= access limiter). 
In this example, the single access limiter has the following three IP 
15 addresses: 

192.168.0.254, 
192.168.1.254, and 
192.168.2.254. 

The reference numerals 301 through 305 shown in FIG. 4 
20 correspond respectively to the reference numerals 201 through 205 shown 
in FIG. 3. 

When wireless LAN terminal 1 (304) is activated, it sends a DHCP 
request for automatically resolving its own IP address to wireless LAN 
address point 303. Since the DHCP request is a broadcast packet, 
25 wireless LAN address point 303 transfers the DHCP request to wired 

access limiter 302 and also broadcasts the DHCP request to the wireless 
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LAN as indicated by the broken-line arrows. Having received the DHCP 
request, access limiter 302 sets its own address to "192.168.1 .254" and 
sends the following information as a response to wireless LAN terminal 1 
(304): 

5 IP address = 192.168.1.1 

Subnet mask = 255.255.255.0 
Subnet = 192.168.1 

Default gateway = 192.168.1.254 (= access limiter). 
Though wireless LAN terminal 2 (305) receives the DHCP request, it 
10 drops the received packet as the DHCP server thereof is not activated. 

Similarly, when wireless LAN terminal 2 (305) is activated, access 
limiter 302 sets its own address to "192.168.2.254" and sends the following 
information as a response to wireless LAN terminal 2 (305): 
IP address = 192.168.2.1 
15 Subnet mask = 255.255.255.0 

Subnet = 192.168.2 

Default gateway = 192.168.2.254 (= access limiter). 
It is now assumed that a packet is to be sent from wireless LAN 
terminal 1 (304) to wireless LAN terminal 2 (305). 

20 Since the subnet "192.168.1 " of wireless LAN terminal 1 (304) and 

the subnet "192.168.2" of wireless LAN terminal 2 (305) are different from 
each other, wireless LAN terminal 1 (304) sends the packet to the default 
gateway. Prior to sending the packet, wireless LAN terminal 1 (304) sends 
an ARP (Address Resolution Protocol) request in order to resolve the MAC 

25 (Media Access Control) address of the IP address = 192.168.1.254 (= 

default gateway). Having received the ARP request, wireless LAN access 
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point 303 transfers the ARP request to wired access limiter 302 and 
wireless LAN terminal 2 (305). In reply to the ARP request, access limiter 
203 who has the same address returns a response, and wireless LAN 
terminal 2 (305) who has a different address drops the packet. 
5 Because wireless LAN terminal 1 (304) has had the MAC address 

resolved by the ARP request, wireless LAN terminal 1 (304) sends a 
packet destined for wireless LAN terminal 2 (305) to access limiter 302. 
Access limiter 302 returns the received packet, and sends it to wireless 
LAN terminal 2 (305). 

10 In this manner, a packet originating from wireless LAN terminal 1 

(304) and destined for wireless LAN terminal 2 (305) can be sent via 
access limiter 302. 

In FIG. 4, packets are simply returned to achieve the same 
environment as with the conventional communication environment. FIG. 5 

15 shows a sequence of operation of the wireless LAN according to the 
present invention with positive access limitation imposed. 

In FIG. 5, the sequence of operation serves to inhibit 
communications between wired LAN terminals. Though a DHCP procedure 
immediately after the system is activated is omitted from illustration in FIG. 

20 5, the details of such a DHCP procedure are the same as those shown in 
FIG. 4. 

It is assumed that a packet is to be sent from wireless LAN terminal 
1 (404) to wireless LAN terminal 2 (405). As with the sequence shown in 
FIG. 4, a ARP packet is sent, a MAC address is resolved, and a packet is 
25 sent to access limiter 402. 

Access limiter 402 detects that the designation is wireless LAN 
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terminal 2, and drops the received packet in order to inhibit the packet from 
being transferred, thus blocking communications between the wireless LAN 
terminals. If access limiter 402 has a buffering function to buffer the 
packet rather than dropping the packet, then access limiter 402 can 
5 perform priority control over packets depending on their property, e.g., can 
process audio packets with priority over other packets. 

FIG. 6 shows a sequence of operation for packet transmission from 
a wireless LAN terminal to a wired LAN terminal, though the illustrated 
sequence of operation has no direct bearing on the present invention. The 
10 portion of the sequence in which a MAC address is resolved by an ARP 
request and a packet is transferred to access limiter 502. In order to send 
a packet to wired terminal 501 , an ARP request it sent to wired terminal 
501 , and a MAC address is resolved. Thereafter, a packet is sent to wired 
terminal 501 . 

15 FIG. 7 shows in block form the functions of the access limiter 

according to the present invention. 

As shown in FIG. 7, access limiter 701 has two LAN interfaces, one 

connected to wired terminal 702 and one connected to wireless LAN 

access point 703. Wireless LAN terminal 704 is connected to wireless LAN 
20 access point 703. 

Access limiter 701 has access limifing function 71 1 which is one of 

the functions for operating access limiter 701 effectively. Access limiting 

function 71 1 passes or drops a received packet to thereby inhibit or permit 

communications between the terminals. 
25 Access limiter 701 also has a band limiting function 712 which is 

also one of the functions for operating access limiter 701 effectively. Band 
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limiting function 712 buffers a received packet to process audio packets 
with priority over other packets. 

Access limiter 701 also has routing function 713 for distributing 
packets selectively to wired terminal 702 and wireless LAN access point 
5 703 depending on the destination of the packets. 

Access limiter 701 further has DHCP server 714. DHCP server 714 
itself is of the ordinary nature, but has its settings established according to 
the present invention. Specifically, DHCP server 714 allocates IP 
addresses having different subnets for respective terminals in response to 
10 DHCP requests from wired LAN terminals. 

Access limiter 701 further has ARP server 715 which is normally 
installed in an existing IP protocol stack. 

While a preferred embodiment of the present invention has been 
described using specific terms, such description is for illustrative purposes 
15 only, and it is to be understood that changes and variations may be made 
without departing from the spirit or scope of the following claims. 
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